Department of Homeland Security
Office of Inspector General

Security Issues with U.S. Customs and Border Protection’s Enterprise Wireless Infrastructure

OIG-11-118
September 2011

Office of Inspector General
U.S. Department of Homeland Security
Washington, DC 20528

September 28, 2011

MEMORANDUM FOR: Charles Armstrong
                Assistant Commissioner
                Office of Information and Technology
                U.S. Customs and Border Protection

FROM:           Frank Deffer
                Assistant Inspector General
                Information Technology Audits

SUBJECT:        Final Letter Report: Security Issues with U.S. Customs and
                Border Protection’s Enterprise Wireless Infrastructure

Attached for your information is our final letter report, Security Issues with U.S. Customs
and Border Protection’s Enterprise Wireless Infrastructure. We incorporated the formal
comments from U.S. Customs and Border Protection in the report.

The report contains three recommendations aimed at improving U.S. Customs and Border
Protection’s overall effectiveness in securing its wireless infrastructure. Your office
concurred with all of the recommendations. Within 90 days of the date of this
memorandum, please provide our office with a written response that includes your
(1) agreement or disagreement, (2) corrective action plan, and (3) target completion date
for each recommendation.
Also, please include responsible parties and any other
supporting documentation necessary to inform us about the current status of the
recommendation. Until your response is received and evaluated, the recommendations
will be considered open and unresolved.

Consistent with our responsibility under the Inspector General Act, we are providing
copies of our report to appropriate congressional committees with oversight and
appropriation responsibility over the Department of Homeland Security. The report will
be posted on our website.

Should you have any questions, please call me, or your staff may contact
Richard Saunders, Director, Advanced Technology Division, at (202) 254-5440.

Attachment

Background

Because wireless networks and devices offer connectivity without the physical
restrictions associated with wired infrastructures, the use of wireless technology has
grown significantly. Wireless networks and devices can offer many benefits to
government agencies, such as expanded network accessibility that promotes increased
flexibility for the federal workforce. Further, remote accessibility may allow federal
personnel to perform critical functions and maintain government continuity of operations
in the event of an emergency situation or natural disaster. However, wireless networks
and devices also present significant security challenges, including cyber threats, weak
physical controls of wireless infrastructure and devices, and unauthorized or rogue
deployments of wireless access points.[1]

Wireless systems include local area networks, personal area networks, laptop computers,
cellular phones, and other devices, such as wireless headphones and other handheld
devices. The most common transmission standards used for wireless devices are the
Institute of Electrical and Electronics Engineers 802.11 standards and 802.15 Bluetooth®
technologies.

Owing to the large scale of U.S.
Customs and Border Protection’s (CBP) responsibilities
at airports, seaports, rail inspection areas, and outbound lanes, implementing wireless
technologies at these locations would assist the officers, agents, and inspectors in
performing their job functions. CBP designed its Enterprise Wireless Infrastructure
(EWI) based on 802.11 technologies to accommodate connectivity at CBP sites to
promote wireless capabilities or where traditional wired networks may not be feasible.
The servers for managing EWI’s wireless communications are located at the National
Data Center in Springfield, Virginia.

CBP’s current wireless infrastructure evolved from the Department of the Treasury’s
legacy wireless program for the Treasury Enforcement Communications System (TECS).
The program was developed to provide personnel with wireless access to TECS at major
air, land, and sea ports of entry. In 2003, as technology improved, CBP initiated its EWI
program to improve the mobility of its workforce. CBP’s Office of Information and
Technology had taken steps to deploy a wireless infrastructure at selected locations
throughout the continental United States and the Commonwealth of the Northern Mariana
Islands. In 2008, CBP tested and deployed EWI as a production system at 51 sites.

[1] A rogue access point is accessible to an organization’s employees and outsiders and is
not managed as part of the approved network. Most rogue access points are installed by
employees and not managed by system administrators.

Results of Review

CBP has made progress in improving EWI security controls. However, additional steps
are needed to further strengthen EWI security. Specifically, CBP needs to (1) remediate
its current plans of action and milestones (POA&Ms) in a timely manner, (2) enable and
monitor the wireless intrusion detection systems (WIDS) to protect its network, and
(3) perform regular vulnerability assessments to identify vulnerabilities and evaluate the
effectiveness of existing wireless security controls.

CBP Has Taken Steps To Secure EWI

CBP has taken the following steps to improve its wireless security posture:

• Published a policy and implementation guidance in 2009 to use in developing and
  implementing its wireless security program.[2] This policy incorporates guidance
  from the National Institute of Standards and Technology (NIST), the National
  Security Agency, and the Department of Defense. In addition, the policy includes
  a wireless security checklist that provides security requirements for all wireless
  systems.

• Certified and accredited (C&A) EWI in July 2010, following the process outlined
  in NIST Special Publication (SP) 800-37.[3] The EWI C&A process included all
  the required C&A documentation, such as a system security plan, risk assessment,
  system test and evaluation plan, security assessment report, contingency plan,
  contingency plan test results, and self-assessment.

• Performed an independent security test and evaluation (ST&E) that identified
  15 information security program risks, as part of its EWI C&A process.
  CBP is tracking these information technology (IT) security weaknesses in the
  Department of Homeland Security (DHS) enterprise management tool.[4]

• Established adequate wireless security configurations to protect its wireless
  networks and devices against commonly known security vulnerabilities.

  For example, CBP (1) uses WPA2 Advanced Encryption Standard between
  laptops and wireless access points to protect the confidentiality of data;
  (2) disables the wireless Service Set Identifier (SSID) from being publicly
  broadcast to potential attackers;[5] (3) installs proprietary software on its laptops
  to connect to the wireless network; and (4) requires personnel to use two-factor
  authentication to access the wireless network. We verified the effectiveness of
  these controls through observations or by using the AirMagnet Wi-Fi Analyzer
  PRO software to conduct testing at selected CBP sites.[6] Our scans did not
  identify any high or medium risk vulnerabilities that pose significant threats on
  authorized CBP wireless networks and devices. Additionally, we did not identify
  any unauthorized or rogue wireless devices.

• Incorporated wireless security awareness into its annual security awareness and
  rules of behavior training. In fiscal year 2011, 59,025 of 60,000 (98%) CBP
  personnel received IT security awareness training. For CBP personnel with
  significant security responsibilities, 1,223 of 1,231 (99%) have received specialized
  training as recommended in NIST SP 800-50 and 800-16. The CBP Information
  Systems Security Policies and Procedures Handbook, HB 1400-05D, Attachment
  Q1, indicates that any appropriate wireless security awareness training should be
  included in CBP’s annual training.

[2] CBP Information Systems Security Policies and Procedures Handbook, HB 1400-05D,
Attachment Q1, dated July 27, 2009.

[3] Certification is a comprehensive assessment of the management, operational, and
technical security controls in an information system, made in support of security
accreditation, to determine the extent to which the controls are implemented correctly,
operating as intended, and producing the desired outcome with respect to meeting the
security requirements for the system. Accreditation is the official management decision
given by a senior agency official to authorize operation of an information system and to
explicitly accept the risk to agency operations (including mission, functions, image, or
reputation), agency assets, or individuals, based on the implementation of an agreed-upon
set of security controls.

[4] DHS uses an enterprise management tool, Trusted Agent FISMA, to collect and track
data related to all POA&Ms, including self-assessments, and C&A data.

[5] The SSID is a configurable identification that allows clients to communicate to the
appropriate base station. With proper configuration, only clients that are configured with
the same SSID can communicate with base stations having the same SSID. From a security
point of view, the SSID acts as a simple single shared password between base stations and
clients.

Despite these efforts, CBP faces challenges in fully implementing a secure wireless
infrastructure.
Specifically, CBP needs to (1) manage and remediate the deficiencies
identified in the EWI POA&Ms to ensure that corrective actions are taken; (2) enable
wireless intrusion detection functionality to monitor network activity; and (3) perform
regular vulnerability assessments to ensure that wireless networks and devices are
operating securely.

CBP Needs To Address EWI POA&M Deficiencies

The EWI Information Systems Security Officer (ISSO) is responsible for ensuring the
implementation and maintenance of security controls in accordance with DHS policies
and the EWI System Security Plan (SSP). In July 2010, as part of EWI’s C&A process,
the ISSO coordinated with CBP’s Security Technology and Policy Branch to perform an
independent ST&E. The assessment identified 15 EWI wireless security vulnerabilities
and risks that compromise the integrity of the system. The ISSO entered these weaknesses
into DHS’ enterprise management tool to assess, prioritize, and monitor the progress of
corrective actions and remediation efforts.

Although 15 security weaknesses were initially identified, 8 deficiencies were either
remediated by the ISSO or granted exceptions by the DHS Chief Information Security
Officer (CISO).[7] CBP requested an exception because it was unable to bring EWI’s
control weaknesses into compliance with DHS policy. For example, EWI used a Cisco®
commercial-off-the-shelf product to build its wireless architecture, but this product does
not use Secure File Transfer Protocol and Secure Socket Layer Protocol as required by
DHS configuration guidelines.[8] In December 2010, CBP network architects submitted a
request to Cisco® to explore future code releases to comply with DHS policy; however,
these weaknesses have not been addressed.

[6] The AirMagnet Wi-Fi Analyzer PRO software automatically detects and alerts users to
wireless intrusions, penetration attempts, and hacking strategies, including rogue devices,
devices sending unencrypted data, and other potentially damaging security configurations.

[7] DHS components may request waivers to or exceptions from any portion of DHS 4300A,
for up to 6 months, any time they are unable to fully comply with policy requirements.
Exceptions are generally limited to systems that are unable to comply because of an impact
to mission, excessive costs, and commercial-off-the-shelf products that cannot be
configured to support control requirements. Requests are made through the component’s
ISSO for the system to the component’s respective CISO, and then to the DHS CISO.

As of June 2011, CBP had not remediated the seven remaining POA&Ms. For example:

• Wireless activities have not been transitioned from the development team to the
  DHS Security Operations Center (SOC).[9]
• Field technology officers have not received training on how to handle and respond
  to EWI system events.
• An EWI alternate site has not been established for backup redundancy.
• Public Key Infrastructure is not being used with EWI because this technology is
  not available at an organization level.[10]

Additionally, the ISSO has not updated the current status of the outstanding seven
weaknesses in DHS’ enterprise management tool.

According to DHS 4300A Sensitive Systems Handbook, Attachment H, a POA&M
provides a high-level view of what needs to be done to correct identified weaknesses.
POA&M data should be monitored on a continuous basis and updated as events occur.
DHS requires that all information in the POA&M be updated at least monthly and be
accurate on the first day of each month for Department tracking and reporting purposes.

Without an effective
remediation program, identified vulnerabilities may not be resolved
in a timely manner, thereby allowing opportunities for unauthorized individuals to exploit
these weaknesses and gain access to sensitive information and systems.

CBP Needs To Enable Wireless Intrusion Detection Functionality

CBP has not enabled the WIDS to protect EWI’s network from potential malicious
activities or threats.[11] According to the CBP Information Systems Security Policies and
Procedures Handbook, HB 1400-05D, Attachment Q1, a WIDS should incorporate
remote sensors that monitor the airwaves and report findings to a WIDS management
appliance. Further, NIST SP 800-53A recommends that organizations employ automated
tools to support real-time analysis of events. These systems scan the airwaves to detect
malicious activities such as the installation of unauthorized devices, access point outages,
wireless client device hijacking, denial of service attacks, unauthorized ad-hoc or
peer-to-peer networks, and other wireless network vulnerabilities.

[8] Secure File Transfer and Secure Socket Layer Protocols are used for protecting
information during the transmission between a client and the server.

[9] The DHS SOC coordinates Department-level incident response and reporting, assists
DHS’ components with incident response, and identifies and resolves computer security
irregularities that affect the ability of DHS to conduct its mission. The SOC is responsible
for centralized management and oversight of the CBP and the DHS cyber intelligence
program, digital media analysis, and penetration testing and vulnerability assessment teams.

[10] Public Key Infrastructure is used as a support service to the Personal Identity
Verification system, which provides the cryptographic keys needed to perform digital
signature based identity verification, and to protect communications and storage of
sensitive verification system data within the identity cards and the verification system.

[11] WIDS can inspect the network traffic for policy violations, vulnerability exploitations,
anomalous activity, and rogue wireless access points.

Without enabling wireless intrusion detection functionality, CBP will not be able to
monitor wireless security activity, detect potential attacks, notify the appropriate officials
of an incident, and take corrective actions.

CBP Needs To Establish Processes for Performing Regular EWI Vulnerability Assessments

CBP is not performing wireless vulnerability and security scans of EWI to ensure that
authorized wireless networks and devices are adequately secured and to detect
unauthorized or rogue wireless networks and devices. Scanning tools can identify
outdated software, validate compliance with organizational security policy, and generate
alerts and reports about identified vulnerabilities. According to the Director of the DHS
SOC, CBP does not have the necessary tools or resources to perform on-site wireless
security assessments. In addition, according to the CBP Vulnerability Assessment Team
liaison, the technical engineers are only capable of scanning wireless access points
connected to the wired network.

According to the DHS 4300A Sensitive Systems Handbook, CBP is responsible for
performing periodic scans to identify vulnerabilities and take corrective actions. Due to
the inherent risks of wireless technologies, the CBP Information Systems Security
Policies and Procedures Handbook, HB 1400-05D, requires frequent security testing and
evaluation of controls to be conducted for deployed wireless technologies.

Without an established process to perform regular vulnerability assessments, CBP cannot
evaluate wireless security risks impacting its operations and implement the necessary
corrective actions in a timely manner.
Without regular vulnerability assessments, inappropriate or
malicious activity by an unauthorized or authorized user may not be detected.

Recommendations

We recommend that the CBP Assistant Commissioner, Office of Information and
Technology take the following actions to improve EWI’s security:

   1. Remediate POA&Ms in a timely manner to minimize potential security risks.

   2. Enable the WIDS incorporated into EWI’s hardware devices to protect its
      wireless network from potential malicious activities or threats.

   3. Establish a process to perform regular vulnerability assessments to evaluate the
      effectiveness of EWI’s wireless security and to detect unauthorized wireless
      networks and devices.

Management Comments and OIG Analysis

We obtained written comments on a draft report from the CBP Assistant Commissioner,
Office of Internal Affairs. We have included a copy of the comments, in their entirety, in
appendix B. The CBP Assistant Commissioner concurred with all three recommendations.

Recommendation 1

For recommendation 1, CBP states that it will review and update the POA&Ms in order
to update and close those that have been remediated. Those that remain open will reflect
what remains to be done in order to minimize their potential security risks.

CBP identified two open POA&Ms to be addressed. The first POA&M is the need to
duplicate the data center network infrastructure at the DHS Data Center 1 (Stennis) that
supports the EWI. This would facilitate network redundancy in the event of failure of the
primary network. The second POA&M provides adequate staff to support the EWI.

A Resource Requirement Request will be submitted as part of the first quarter fiscal year
(FY) 2012 submission. Once funding is obtained, CBP will be able to obtain the
necessary resources to remediate these open POA&Ms.
The completion date for this
recommendation is January 1, 2013.

OIG Analysis

We agree that the actions being taken satisfy the intent of this recommendation. This
recommendation will remain open until CBP provides documentation to support that the
planned corrective actions are completed.

Recommendation 2

CBP concurs with recommendation 2 based on its understanding that its intent is to fully
utilize the WIDS by putting the device on the EWI network and actively monitoring the
data captured by the WIDS. CBP has WIDS devices at each of the 51 CBP sites where
EWI is deployed and is logging data. However, no one is currently monitoring and
reviewing the data for anomalous activity.

CBP has created a Resource Requirement Request to be submitted as part of the first
quarter FY 2012 submission to obtain the necessary funding to address the monitoring of
the WIDS data. Once funding is obtained, CBP will be able to assign the necessary
resources to accomplish that task.

In addition, CBP is presently engaged in transferring ownership of the EWI from the
Enterprise Networks and Technology Support Division to the Network Security Office.
This process includes documenting the EWI Wireless Control System so that the
Network Security Office can properly manage the EWI system in terms of operations and
maintenance and generation of audit reports. The proposed completion date for this
recommendation is January 1, 2013.

OIG Analysis

We agree that the actions being taken satisfy the intent of this recommendation. This
recommendation will remain open until CBP provides documentation to support that the
planned corrective actions are completed.

Recommendation 3

CBP concurs with OIG recommendation 3. CBP has set up vulnerability scans for all
EWI Wireless Controllers, and the Wireless Information Systems Security Officer is
currently conducting scans.
A schedule will be formalized by December 2011 to ensure
that the scans are scheduled and conducted on a regular and recurring basis. The
proposed completion date for this recommendation is December 31, 2011.

OIG Analysis

We agree that the actions being taken satisfy the intent of this recommendation. This
recommendation will remain open until CBP provides documentation to support that the
planned corrective actions are completed.

Appendix A
Purpose, Scope, and Methodology

The objectives of our review were to determine whether CBP has
implemented the required wireless security controls on authorized
wireless systems and devices and to assess the effectiveness of
CBP’s ability to detect and prevent unauthorized networks and
devices.

We reviewed DHS policies and procedures, as well as prior audit
reports. We reviewed CBP wireless topography and design
documentation, security authorization packages, and other
certification and accreditation deliverables. We interviewed
selected personnel, management officials, and subject matter
experts that were relevant to this audit.
Also, we distributed a
questionnaire to the 51 CBP sites that had initially deployed
802.11 wireless technologies to determine where wireless security
assessments could be performed and to identify wireless issues or
concerns.

In addition to distributing the questionnaire, we conducted
fieldwork at CBP headquarters in Washington, DC; National Data
Center in Springfield, Virginia; Washington Dulles International
Airport in Sterling, Virginia; Dundalk Seaport in Baltimore,
Maryland; DHL Facility at the Cincinnati-Northern Kentucky
International Airport in Erlanger, Kentucky; CBP Port of Entry in
Douglas, Arizona; and the Unisys Government Test Lane Facility
in Fredericksburg, Virginia. Fieldwork was performed through
conference calls and data calls at the Saipan International Airport
and the Rota International Airport in the Commonwealth of the
Northern Mariana Islands.

We conducted our review between November 2010 and May 2011.
This was a limited scope review; therefore, our work was not
performed in accordance with generally accepted government
auditing standards.
Major OIG contributors to the evaluation are
identified in appendix C.

We appreciate the efforts by CBP management and staff to provide
the information and access necessary to accomplish this review.

Appendix B
Management Comments to the Draft Letter Report

1300 Pennsylvania Avenue NW
Washington, DC 20129

U.S. Customs and Border Protection

August 31, 2011

MEMORANDUM FOR FRANK DEFFER
               ASSISTANT INSPECTOR GENERAL FOR IT AUDITS
               DEPARTMENT OF HOMELAND SECURITY

FROM:          Assistant Commissioner
               Office of Internal Affairs
               U.S. Customs and Border Protection

SUBJECT:       Response to the Office of Inspector General's Draft Report
               Entitled, "Security Issues with U.S. Customs and Border
               Protection's Enterprise Wireless Infrastructure"

Thank you for providing us with a copy of your draft report entitled "Security Issues with
U.S. Customs and Border Protection's Enterprise Wireless Infrastructure," and the
opportunity to comment on the issues in this report.

The report contains three recommendations directed to U.S. Customs and Border
Protection (CBP).
A summary of CBP actions and corrective plans to address the
recommendations is provided below:

Recommendation #1: Remediate open Plan of Action and Milestones in a timely manner
to minimize potential security risks.

CBP Response: Concur. CBP has reviewed and re-baselined the master Plan of Action
and Milestones (POAM) list and schedule with the Information System Security Manager
(ISSM) in order to remediate what can be closed, and open new POAMs to reflect what
still needs to be done in order to minimize potential security risks.

CBP has identified that there are two parts to the risks to be addressed. The first is the
duplication of the data center infrastructure supporting the Enterprise Wireless
Infrastructure (EWI) within the DHS Data Center 1 (Stennis) facility to support
redundancy in the design. The second is providing adequate staff to support the EWI. A
Resource Requirement Request (RRR) will be submitted as part of the 1st quarter Fiscal
Year 2012 submission. Once funding is obtained, CBP will be able to obtain the
necessary resources to remediate the open POAMs.

Completion Date: January 1, 2013

Recommendation #2: Enable the wireless intrusion detection system, which is
incorporated into the Enterprise Wireless Infrastructure's hardware devices, to protect its
wireless network from potential malicious activities or threats.

CBP Response: Concur.
CBP concurs with this recommendation based on the
understanding that the intent of the recommendation is to encompass both enabling and
monitoring of Wireless Intrusion Detection system (WIDS). CBP has enabled the WIDS
but is not currently monitoring the system. CBP has created a Resource Requirements
Request (RRR) to be submitted as part of the 1st quarter Fiscal Year 2012 submission to
obtain the necessary funding needed to address the monitoring of the WIDS data. Once
funding is obtained, CBP will be able to assign the necessary resources to monitor the
system.

CBP is presently engaged in transferring ownership of the EWI from Enterprise Networks
and Technology Support Division (ENTS) to the Network Security Office (NSO) and
Windows Server Farm (WSF). The process entails the documentation of the EWI
Wireless Control System (WCS) Windows application information so that the NSO/WSF
can properly manage the EWI WCS in terms of monitoring, configuration, administration
and generation of audit reports.

Currently, WIDS is functioning at all 51 CBP sites where EWI is deployed and logging is
occurring. Attached please find the following documentation demonstrating that WIDS is
enabled and logs are being generated:

WIDS Signatures.doc - This document is made up of screen shots from the controller that
displays that WIDS is active. Please note that Cisco refers to WIDS under the naming of
WPS.
Also, WPS/WIDS is enabled as a default configuration and was enabled out of the
box upon initial implementation of these devices.

WSf'vfNWGOI configuration.txt - This document is a copy of the configuration showing
that WIDS is enabled.

Security Alarm Trending Summary 20110701 103802 374.pdf - This document is from
the log files over the past 12 weeks. The system is reporting the necessary data and the
logging servers are capturing this data.

Completion Date: January 1, 2013

Recommendation #3: Establish a process to perform regular vulnerability assessments to
evaluate the effectiveness of the Enterprise Wireless Infrastructure's wireless security and
to detect unauthorized wireless networks and devices.

CBP Response: Concur. Vulnerability scans have been set up for all EWI Wireless
Controllers. Vulnerability Assessment Team (VAT) scans are currently being conducted
by the Wireless Information Systems Security Officer (ISSO). A schedule will be
formalized by December 2011 to ensure the scans are conducted on a regular and
recurring basis.

Completion Date: December 31, 2011

With regard to the sensitivity of the draft report, CBP did not identify any sensitive
information that would require a "For Official Use Only" designation or warrant
protection under the Freedom of Information Act.

If you have any questions regarding this response, please contact me or have a member of
your staff contact Ms.
Ashley Boone, CBP Audit Liaison, at (202) 344-2539.

Appendix C
Major Contributors to this Report

Richard Saunders, Director
Steve Matthews, IT Audit Manager
Philip Greene, IT Audit Team Leader
Jamie Horvath, IT Specialist
Patrick Nadon, Report Consultant
Frederick Shappee, Referencer

Appendix D
Report Distribution

Department of Homeland Security

Secretary
Deputy Secretary
Chief of Staff
Deputy Chief of Staff
General Counsel
Executive Secretariat
Director, GAO/OIG Liaison Office
Assistant Secretary for Office of Policy
Assistant Secretary for Office of Public Affairs
Assistant Secretary for Office of Legislative Affairs
Chief Information Officer
Chief Information Security Officer

Customs and Border Protection

CBP Commissioner
CBP Chief Information Officer
CBP Chief Information Security Officer
CBP Audit Liaison

Office of Management and Budget

Chief, Homeland Security Branch
DHS OIG Budget Examiner

Congress

Congressional Oversight and Appropriations Committee, as appropriate

ADDITIONAL INFORMATION AND COPIES

To obtain additional copies of this report, please call the Office of
Inspector General (OIG) at (202) 254-4100,
fax your request to (202) 254-4305, or visit the OIG web site at www.dhs.gov/oig.

OIG HOTLINE

To report alleged fraud, waste, abuse or mismanagement, or any other kind of criminal or
noncriminal misconduct relative to department programs or operations:

• Call our Hotline at 1-800-323-8603;

• Fax the complaint directly to us at (202) 254-4292;

• Email us at DHSOIGHOTLINE@dhs.gov; or

• Write to us at:
       DHS Office of Inspector General/MAIL STOP 2600,
       Attention: Office of Investigations - Hotline,
       245 Murray Drive, SW, Building 410,
       Washington, DC 20528.

The OIG seeks to protect the identity of each writer and caller.